It’s more or less a given that Facebook is still sharing more of your information than you’d like it to despite its increased attention to privacy and security. But according to Symantec there just might be a whole lot of unwanted third-party access to your data due to unintentionally leaked access tokens.

As of April 2011, Symantec estimates that as many as 100,000 Facebook apps may have allowed access to leak — and with 20 million apps installed every day, that amounts to a huge number of tokens floating around. Symantec reported the issue to Facebook, and corrective action has been taken.

However, the fix only prevented new tokens from being leaked. Existing tokens are still usable and could allow third parties to access profile data, chat history, and pictures. Some may even be able to post messages. It’s a worrying prospect, but fortunately the fix is quite simple according to Symantec: change your Facebook password.

The company’s blog post equates changing your password to changing the lock on a door. Yes, copies of your original key may have wound up in the hands of some people you’d rather didn’t have access, but their keys won’t fit in your new lock. If you’ve installed any Facebook apps over the past year and haven’t changed your password since who knows when, there’s no time like the present. Your profile data could be at risk.